Is your business compliant with Rhode Island’s Mandatory Identity Theft Protection Act?
On June 26th, Governor Gina Raimondo signed the New Rhode Island Identity Theft Protection Act of 2015. Although, are you aware that updated provisions have been made, and businesses must comply?
You’re probably thinking if the act applies to your business?
It does apply for anyone or entity who or that “stores, collects, processes, maintains, acquires, owns, uses, or licenses personal information about a Rhode Island resident.” This act has no exclusions based upon an organization’s size or number of employees.
How is personal information defined?
An individual’s first name or first initial and last name, combined with any one or more of the following elements and when the name and data essentials are NOT encrypted or are in hard copy paper format:
- Driver’s License, RI identification number or tribal identification number
- Social Security Number
- Account Number, credit or debit number, with any required code / password that would permit access to an individual’s financial account
- Medical / Health Insurance information
- E-mail address with any required code or password that would permit access to an individual’s personal, medical, insurance, or financial account
* “Encrypted” requires that data be in a form in which there is low probability of assigning meaning without use of confidential process or key.
If your company falls under the categories listed, ask yourself the following:
- What must be done to protect the personal information of a RI resident?
- What if personal information is disclosed to a non-affiliated 3rd party?
- Who do I notify if a breach takes place?
- How can I remain proactive?
Please note, the act imposes civil consequences for EACH violation of up to $100 or $200 per record depending whether it was reckless or knowing, and willful. Also, the act does not have a cap on the total amount of imposed penalties.
What are your next steps?
Contact SecurityRI and can help conduct a FREE compliance audit. We’ll indicate your vulnerabilities and how you can limit your risk. (401) 231-8130 / firstname.lastname@example.org.